This repository was archived by the owner on Mar 25, 2021. It is now read-only.

Commit 41a4bee

feat: add routes, auth check
- scram router module for authentication, logout, and auth check - no op for no auth - extend auth support to provide additional functions to all modules for checking auth, logging out Contributes-to: #106 Signed-off-by: Nic Townsend <[email protected]>
1 parent 77ee7a3 commit 41a4bee

32 files changed

+510
-218
lines changed

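--- a/config/static.ts
+++ b/config/static.ts
@@ -14,9 +14,6 @@ const client: Config<Literal> = {};
 const server: Config<Literal> = {
 defaultServerConfig: {
 configValue: {
-authentication: {
-type: 'none',
-},
 client: {
 configOverrides: {},
 transport: {},
@@ -35,6 +32,9 @@ const server: Config<Literal> = {
 contextRoot: '/',
 port: 9080,
 transport: {},
+authentication: {
+type: 'none',
+},
 },
 session: {
 name: 'strimzi-ui',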
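Review bot: Moving `authentication` out of the top level of `configValue` changes where the setting is read from, and nothing in this section tells an operator that a previously valid top-level `authentication` block is no longer the one in effect. The object that now holds the key opens outside the second hunk; the README table in this commit documents the new location as `proxy.authentication.type`. Because the default stays `type: 'none'`, a deployment whose config file still uses the old key would presumably fall back to no authentication without any error, so the config loader (not visible here) should reject or at least warn on a leftover top-level `authentication` key. At minimum, add a comment above the new entry such as `// moved from configValue.authentication: a top-level "authentication" key is no longer read`.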

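--- a/package.json
+++ b/package.json
@@ -51,11 +51,13 @@
 "apollo-link-http": "^1.5.17",
 "apollo-server-express": "^2.18.2",
 "axios": "^0.21.0",
+"body-parser": "^1.19.0",
 "compression-webpack-plugin": "^4.0.0",
 "express": "^4.17.1",
 "express-session": "^1.17.1",
 "express-static-gzip": "^2.1.0",
 "graphql": "^15.4.0",
+"graphql-tag": "^2.11.0",
 "graphql-ws": "^1.14.0",
 "helmet": "^4.2.0",
 "html-webpack-plugin": "^4.5.0",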
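Review bot: `"body-parser": "^1.19.0",` is added as a direct dependency although `"express": "^4.17.1"` is already listed and exposes the same parsers as `express.json()` and `express.urlencoded()`, so this entry looks avoidable and could be dropped. The code that mounts the parser is not in this section; wherever it is mounted, scoping it to the authentication routes and passing an explicit `limit` keeps unauthenticated requests from having arbitrary bodies parsed. If the direct dependency is kept on purpose, the commit description should say why the built-in parsers were not sufficient.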

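--- a/server/README.md
+++ b/server/README.md
@@ -20,22 +20,22 @@ This directory contains all server code for the Strimzi UI - ie code which is re
 
 As described in [the configuration approach](../docs/Architecture.md#configuration-and-feature-flagging), the UI server's configuration is provided via a file, which is then watched at runtime for modification. This configuration file is expected to be called `server.config.json` (available in the same directory as the `node` executable is run from), but this can be configured at runtime via environment variable `configPath`, dictating a different path and file name. The file must be either valid JSON or JS. The server also hosts configuration for discovery by the client via the `config` module. The configuration options for the server provided in the previously mentioned configuration file are as follows:
 
-| Configuration | Required | Default | Purpose |
-| ---------------------------- | -------- | ---------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| authentication.strategy | No | `none` | What authentication strategy to use to authenticate users. See [the security section](#security) for details of the available options. |
-| authentication.configuration | No | `{}` | Any additional configuration required for the provided authentication strategy `authentication.strategy` . See [the security section](#security) for details of the available options. |
-| client.configOverrides | No | `{}` | Overrides to send to the client. See [client configuration for further details](#client-configuration). These values will take precedence over any others provided. |
-| client.publicDir | No | `/dist/client` | The location of the built client to serve. |
-| client.transport.cert | No | N/A - if one of `client.transport.cert` or `client.transport.key` are not provided, server will be HTTP | PEM certificate presented to browsers on connecting to the UI server. |
-| client.transport.key | No | N/A - if one of `client.transport.cert` or `client.transport.key` are not provided, server will be HTTP | PEM certificate private key for the certificate provided in `client.transport.cert`. |
-| client.transport.ciphers | No | default set from [node's tls module](https://nodejs.org/api/tls.html#tls_modifying_the_default_tls_cipher_suite) | TLS ciphers used/supported by the HTTPS server for client negotiation. Only applies if starting an HTTPS server. |
-| client.transport.minTLS | No | `TLSv1.2` | Minimum TLS version supported by the server. Only applies if starting an HTTPS server. Set to `TLSv1.2` for browser compatibility. |
-| featureFlags | No | `{}` | Feature flag overrides to set. The configuration is as per the format specified [here](#feature-flags). These values will take precedence over any others provided. |
-| hostname | No | '0.0.0.0' | The hostname the UI server will be bound to. |
-| logging | No | TBD | Logging configuration settings. Format to be defined in https://github.com/strimzi/strimzi-ui/issues/24 |
-| modules | No | Object - [enabled modules and configuration can be found here](../docs/Architecture.md#router-controller-data-pattern) | The modules which are either enabled or disabled. |
-| port | No | 3000 | The port the UI server will be bound to. |
-| proxy.transport.cert | No | If not provided, SSL certificate validation of the upstream admin server is disabled | CA certificate in PEM format of the backend admin server api requests are to be sent to. |
-| proxy.hostname | Yes | N/A | The hostname of the admin server to send api requests to. |
-| proxy.port | Yes | N/A | The port of the admin server to send api requests to. |
-| session.name | no | `strimzi-ui` | The name used to identify the session cookie |
+| Configuration | Required | Default | Purpose |
+| ---------------------------------- | -------- | ---------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| client.configOverrides | No | `{}` | Overrides to send to the client. See [client configuration for further details](#client-configuration). These values will take precedence over any others provided. |
+| client.publicDir | No | `/dist/client` | The location of the built client to serve. |
+| client.transport.cert | No | N/A - if one of `client.transport.cert` or `client.transport.key` are not provided, server will be HTTP | PEM certificate presented to browsers on connecting to the UI server. |
+| client.transport.key | No | N/A - if one of `client.transport.cert` or `client.transport.key` are not provided, server will be HTTP | PEM certificate private key for the certificate provided in `client.transport.cert`. |
+| client.transport.ciphers | No | default set from [node's tls module](https://nodejs.org/api/tls.html#tls_modifying_the_default_tls_cipher_suite) | TLS ciphers used/supported by the HTTPS server for client negotiation. Only applies if starting an HTTPS server. |
+| client.transport.minTLS | No | `TLSv1.2` | Minimum TLS version supported by the server. Only applies if starting an HTTPS server. Set to `TLSv1.2` for browser compatibility. |
+| featureFlags | No | `{}` | Feature flag overrides to set. The configuration is as per the format specified [here](#feature-flags). These values will take precedence over any others provided. |
+| hostname | No | '0.0.0.0' | The hostname the UI server will be bound to. |
+| logging | No | TBD | Logging configuration settings. Format to be defined in https://github.com/strimzi/strimzi-ui/issues/24 |
+| modules | No | Object - [enabled modules and configuration can be found here](../docs/Architecture.md#router-controller-data-pattern) | The modules which are either enabled or disabled. |
+| port | No | 3000 | The port the UI server will be bound to. |
+| proxy.transport.cert | No | If not provided, SSL certificate validation of the upstream admin server is disabled | CA certificate in PEM format of the backend admin server api requests are to be sent to. |
+| proxy.hostname | Yes | N/A | The hostname of the admin server to send api requests to. |
+| proxy.port | Yes | N/A | The port of the admin server to send api requests to. |
+| proxy.authentication.type | No | `none` | What authentication strategy to use to authenticate users. See [the security section](#security) for details of the available options. |
+| proxy.authentication.configuration | No | `{}` | Any additional configuration required for the provided authentication strategy `authentication.strategy` . See [the security section](#security) for details of the available options. |
+| session.name | no | `strimzi-ui` | The name used to identify the session cookie |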

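--- a/server/client/client.feature
+++ b/server/client/client.feature
@@ -46,9 +46,9 @@ Feature: client module
 # if the route (not file) is not matched, we redirect to index.html. Hence / and someroute response
 Examples:
 | Asset | StatusCode |
-| /index.html | 200 |
+| /index.html | 302 |
 | /images/picture.svg | 200 |
 | /doesnotexist.html | 404 |
 | /someroute | 302 |
 | /protected.html | 302 |
-| / | 200 |
+| / | 302 |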
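Review bot: The comment above `Examples:` is stale after this change: it still says unmatched routes redirect to index.html and explains the `/` row that way, while `/` and `/index.html` now expect 302 themselves. Four rows now answer 302 for what appear to be two different reasons (the auth check and the fallback redirect), and a status code alone cannot tell them apart, so a regression that swaps one for the other would still pass. Consider rewording the comment to `# '/' and '/index.html' sit behind the auth check; routes without a '.' that match nothing redirect to '/'` and adding a column that asserts the `Location` header of each redirect. The scenario these examples belong to starts outside the hunk.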

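--- a/server/client/client.steps.ts
+++ b/server/client/client.steps.ts
@@ -3,11 +3,8 @@
 * License: Apache License 2.0 (see the file LICENSE or http://apache.org/licenses/LICENSE-2.0.html).
 */
 import merge from 'lodash.merge';
-import { And, Then, Fusion } from 'jest-cucumber-fusion';
-import {
-stepWithWorld,
-stepWhichUpdatesWorld,
-} from 'test_common/commonServerSteps';
+import { And, Fusion } from 'jest-cucumber-fusion';
+import { stepWhichUpdatesWorld } from 'test_common/commonServerSteps';
 
 And(
 'There are no files to serve',
@@ -27,13 +24,4 @@ And('There are files to serve', () => {
 // NO_OP - the `client_only` configuration is already configured to serve fixture files
 });
 
-Then(
-/I get the expected status code '(.+)' response/,
-stepWithWorld((world, statusCode) => {
-const expectedStatus = parseInt(statusCode as string);
-const { request } = world;
-return request.expect(expectedStatus);
-})
-);
-
 Fusion('client.feature');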

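--- a/server/client/controller.ts
+++ b/server/client/controller.ts
@@ -3,30 +3,29 @@
 * License: Apache License 2.0 (see the file LICENSE or http://apache.org/licenses/LICENSE-2.0.html).
 */
 
-import { resolve, sep } from 'path';
-import { existsSync, readdirSync } from 'fs';
+import { resolve, sep } from "path";
+import { existsSync, readdirSync } from "fs";
 
 // function to recursively get all files from a directory
 const getFilesInDirectory: (directory: string) => Array<string> = (directory) =>
 existsSync(directory)
 ? readdirSync(directory, { withFileTypes: true }).reduce((acc, fileObj) => {
-return fileObj.isFile()
-? acc.concat([`${directory}${sep}${fileObj.name}`])
-: acc.concat(
-getFilesInDirectory(`${directory}${sep}${fileObj.name}`)
-);
-}, [] as string[])
+return fileObj.isFile()
+? acc.concat([`${directory}${sep}${fileObj.name}`])
+: acc.concat(
+getFilesInDirectory(`${directory}${sep}${fileObj.name}`)
+);
+}, [] as string[])
 : [];
 
 // mark a subset of files as public - this means any user can access them. These entries will be used in a regex - if the test passes, it will be considered public
 const publicFiles = [
-'images/*',
-'fonts/*',
-'favicon.ico',
-'index.html',
-'main.css',
-'main.bundle.js',
-'main.bundle.js.gz',
+"images/*",
+"fonts/*",
+"favicon.ico",
+"main.css",
+"main.bundle.js",
+"main.bundle.js.gz",
 ];
 
 export const getFiles: (
@@ -57,7 +56,7 @@ export const getFiles: (
 
 return {
 totalNumberOfFiles: allFilesInClientDirectory.length,
-hasIndexFile: allFilesInClientDirectory.includes('/index.html'),
+hasIndexFile: allFilesInClientDirectory.includes("/index.html"),
 protectedFiles: protectedFiles,
 builtClientDir,
 };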
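Review bot: With `index.html` removed, the `publicFiles` list is what separates public from protected assets, and its entries are not written as the regular expressions the comment above says they are used as. Read as patterns, `"favicon.ico"` and `"main.bundle.js"` contain an unescaped `.` that matches any character, and `"images/*"` means "zero or more slashes" rather than "everything under images/"; depending on how `getFiles` builds and anchors the test (that code is outside both hunks), more paths than intended could be treated as public. Escaping and anchoring the literal entries would make the allowlist say what it means, for instance `"^/favicon\\.ico$"` and `"^/images/"` if paths are compared with a leading slash as `includes("/index.html")` suggests. The switch to double quotes in this file also differs from the single quotes used in the other files of this commit, which suggests the formatter was not run here.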

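--- a/server/client/router.ts
+++ b/server/client/router.ts
@@ -30,6 +30,7 @@ export const ClientModule: UIServerModule = {
 
 // add the auth middleware to all non public files
 protectedFiles.forEach((file) => routerForModule.get(`${file}`, checkAuth));
+routerForModule.get('/', checkAuth);
 
 // host all files from the client dir
 routerForModule.get(
@@ -40,9 +41,10 @@ export const ClientModule: UIServerModule = {
 
 // if no match, not a file (path contains '.'), and we have an index.html file, redirect to it (ie return index so client navigation logic kicks in). Else do nothing (404 unless another module handles it)
 hasIndexFile &&
-routerForModule.get(/^((?!\.).)+$/, (req, res) =>
-res.redirect(`/index.html`)
-);
+routerForModule.get(/^((?!\.).)+$/, (req, res) => {
+logger.info('Redirecting to index');
+res.redirect(`/`);
+});
 
 return exit({ mountPoint: '/', routerForModule });
 },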
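Review bot: Authentication is attached per enumerated path (every entry of `protectedFiles`, and now a hand-added `routerForModule.get('/', checkAuth);`) while the handler below serves the whole client directory, so a request that reaches that handler without matching one of these exact routes is served without `checkAuth`. The new `/` line is itself a case the enumeration had missed, and the same would hold for a file not present when the list was built or a URL the static handler resolves differently from the router; that handler and `getFiles` are outside the hunks, so this needs confirming. Inverting the check so it fails closed removes the gap: one guard ahead of the static handler, along the lines of `routerForModule.use((req, res, next) => (isPublic(req.path) ? next() : checkAuth(req, res, next)));`, where `isPublic` is a placeholder for a helper built from the public-file list. Separately, the comment above the fallback route still describes redirecting to index.html although the code now redirects to `/`.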
